EPP via cfHTTP Requests

Description

We are trying to establish a CFHTTP connection to switch.ch on port 7001, and it does not work.
On our side we get: epp-test.switch.ch:7001 failed to respond
They, however, get:
14.02.2020 08:57:13.649; INFO [ch.nic.reg.epp.frontend.RequestHandler] (EPP Worker Thread 4) TLS success:false Userid: null Client protocol: NONE CipherSuite: SSL_NULL_WITH_NULL_NULL IP: /

They see that we are using no TLS, or an outdated TLS.
Is there a way to specify the TLS version in the request, and how can this be debugged?

Description of Switch's API: https://www.nic.ch/export/shared/.content/files/EPP-Manual_de.pdf

Environment

  • TLS 1.2 and TLS 1.1

  • Windows Server 2019

  • Apache Tomcat/9.0.20

  • AdoptOpenJDK - Version 11.0.3

  • Lucee version: 5.3.4.77

Activity

Stefan Simon
February 17, 2020, 12:55 PM

They whitelist IPs; in this case our server's IP range is whitelisted, and they only accept requests that come from a program that isn't a browser.

Justin Carter
February 17, 2020, 11:11 PM

This site has a TLS v1.2 endpoint that can be tested;
https://badssl.com/dashboard/

If I make an HTTP request to their TLS v1.2 endpoint using trycf.com it connects fine and returns a valid response, so it doesn’t appear to be a Lucee issue with TLS v1.2 alone;

https://trycf.com/gist/919832e423e3015cf00eb7e76b8f009b/lucee5?theme=monokai

I’m not sure which ciphers are on that endpoint, and the Switch API PDF doesn’t seem to indicate their supported ciphers either, but it might be something to debug with their help.

The PDF also seems to mention port 700, not 7001, or is that just for the production environment and not for test?

“The EPP server epp.nic.ch is reached via a TLS connection on port 700”

Pothys - MitrahSoft
February 20, 2020, 3:10 PM

Did you see the above comment from Justin Carter? If not, please see that too & check with his thought. It'll improve the status of the ticket.

Stefan Simon
February 24, 2020, 7:31 AM

Ah sorry, I was gone for a while.

I have got further info from them, and although they claimed that TLS was the issue all the time, it isn't.
It turned out to be their way of encryption that they desire. EPP.

We’ve not figured out how to make/transmit their special EPP XMLs, or if Lucee is capable of such.
EPP seems to be solely used in the domain-name registration business, as far as I can tell, so it wouldn't be likely to just have this to have it.

I am uncertain how much the ticket is in relation to this new information, and if it should be updated to reflect the EPP via cfHTTP (or how to make cfxml with epp encryption?)

Zac Spitzer
February 24, 2020, 7:40 AM

You'll need to use some java. Can you update the task title too?
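
EPP over TLS is not HTTP: per RFC 5734, each message is an XML document prefixed by a 4-byte big-endian length that counts the header itself, and the server sends a greeting first. The following is an added example, not code from this ticket or from Lucee; the class name `EppFrame`, the 1 MiB size cap and the sample greeting are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

public class EppFrame {
    static final int HEADER = 4;           // 32-bit total length, network byte order
    static final int MAX_FRAME = 1 << 20;  // assumed 1 MiB sanity cap, not from the EPP manual

    /** Write one EPP data unit: total length (header included), then the XML. */
    static void write(OutputStream out, String xml) throws IOException {
        byte[] body = xml.getBytes(StandardCharsets.UTF_8);
        DataOutputStream d = new DataOutputStream(out);
        d.writeInt(body.length + HEADER);
        d.write(body);
        d.flush();
    }

    /** Read one EPP data unit, rejecting impossible or oversized lengths. */
    static String read(InputStream in) throws IOException {
        DataInputStream d = new DataInputStream(in);
        int total = d.readInt();
        if (total < HEADER || total > MAX_FRAME) {
            throw new IOException("bad EPP frame length: " + total);
        }
        byte[] body = new byte[total - HEADER];
        d.readFully(body);
        return new String(body, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample greeting; a real server sends its own on connect.
        String greeting = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
            + "<epp xmlns=\"urn:ietf:params:xml:ns:epp-1.0\"><greeting/></epp>";
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        write(wire, greeting);
        byte[] bytes = wire.toByteArray();
        System.out.println("frame bytes: " + bytes.length);
        System.out.println(read(new ByteArrayInputStream(bytes)).equals(greeting));
        // An HTTP request line is not a valid frame: "GET " decodes as a huge length.
        byte[] http = "GET / HTTP/1.1\r\n".getBytes(StandardCharsets.US_ASCII);
        try {
            read(new ByteArrayInputStream(http));
        } catch (IOException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Against a real server, the same two methods would wrap the input and output streams of a `javax.net.ssl.SSLSocket` connected to the EPP host and port.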

Assignee

Pothys - MitrahSoft

Reporter

Stefan Simon

Priority

Critical

Labels

Fix versions

None

Affects versions
